Hack On Microsoft Similar To Attacks On Apple, Facebook

Microsoft officials revealed on Friday that the Redmond, Washington-based company had been targeted by the same hackers who had previously set their sights on Apple and Facebook.

In an official Security Response Center blog post published Friday, Matt Thomlinson, General Manager of Microsoft´s Trustworthy Computing Security division said that the tech giant had “recently experienced” a “security intrusion” that was “similar” in nature to those reported by the iPad maker and the popular social network.

“During our investigation, we found a small number of computers, including some in our Mac business unit that were infected by malicious software using techniques similar to those documented by other organizations,” Thomlinson said. “We have no evidence of customer data being affected and our investigation is ongoing.”

“Consistent with our security response practices, we chose not to make a statement during the initial information gathering process,” he added. “This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends).”

According to PCMag´s Damon Poeter, the Windows and Internet Explorer developers were aware of the attack for an undisclosed period of time before making Friday´s public announcement. Microsoft officials did not elaborate on the exact nature of the attack beyond comparing it to those that victimized Apple and Facebook earlier this month.

However, Matthew Panzarino of The Next Web points out that by referencing those attacks “by name,” Thomlinson is essentially “indicating that the vector for attack was the same.”

“These incidents were perpetrated by utilizing a zero-day Java vulnerability injected into an iOS developer website without the owner´s knowledge,” Panzarino explained.

That vulnerability, which has since been closed by software developer Oracle in a recent patch, allowed the malware to infect Facebook laptops that had been running up-to-date antivirus software, The Telegraph added.

In an apparently unrelated incident, Panzarino also noted that components of Microsoft´s Azure cloud platform experienced a global outage on Friday. An expired security certificate was said to be the culprit for that incident, which affected several of the company´s services, including Xbox Live.